package grails3demo

import oa.system.Auth
import oa.system.AuthGroup
import oa.system.AuthGroupAuth
import oa.system.Func
import oa.system.Op
import oa.system.OpAuth
import oa.system.OpAuthGroup
import oa.system.Requestmap

class BootStrap {

    def springSecurityService

    def init = { servletContext ->
        // 定义一个保存闭包，省事
        def save = {it.save(flush:true)}

        // 定义管理员用户
        def adminUser = save(new Op(username: "admin", password: "12345", email: "admin@163.com"))
        // 定义普通管理员角色
        def adminRole = save new Auth(authority: 'ROLE_ADMIN')
        // 定义超级管理员角色
        def superRole = save new Auth(authority: 'ROLE_SUPER')
        // 定义管理员组
        def adminGroup = save new AuthGroup("GROUP_ADMIN")
        // 赋权普通管理员角色
        // OpAuth.create(adminUser, adminRole, true)
        // 把管理员角色和超级管理员角色都赋给管理员组
        AuthGroupAuth.create(adminGroup, adminRole, true)
        AuthGroupAuth.create(adminGroup, superRole, true)
        // 把管理员组赋给管理员
        OpAuthGroup.create(adminUser, adminGroup, true)

        // 预定义一些地址，予以放行
        def predefined = [
                '/',
                '/error',
                '/index',
                '/home/index*',
                '/welcome',
                '/shutdown',
                '/assets/**',
                '/**/js/**',
                '/**/css/**',
                '/**/images/**',
                '/**/favicon.ico',
                '/login/**',
                '/logout/**',
                '/verifyCode/index'
        ]
        for(String url in predefined) {
            if(!Requestmap.findByUrl(url)) {
                save new Requestmap("permitAll",url)
            }
        }

        // 定义需要管理员才能访问的地址
        save new Requestmap(url: '/admin/**',    configAttribute: 'ROLE_ADMIN');
        save new Requestmap(url: '/super/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/func/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/auth/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/authGroup/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/authGroupAuth/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/op/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/opAuth/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/opAuthGroup/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/requestmap/**',    configAttribute: 'ROLE_SUPER');
        save new Requestmap(url: '/dept/**',    configAttribute: 'ROLE_SUPER');

        // 创建功能清单
        save new Func(code: "0100", name: "系统管理", url: "/super");
        save new Func(code: "0101", name: "部门管理", url: "/dept/index");
        save new Func(code: "0102", name: "用户管理", url: "/op/index");
        save new Func(code: "0103", name: "角色管理", url: "/auth/index");
        save new Func(code: "0104", name: "角色赋权管理", url: "/opAuth/index");
        save new Func(code: "0105", name: "角色组管理", url: "/authGroup/index");
        save new Func(code: "0106", name: "角色组赋权管理", url: "/opAuthGroup/index");
        save new Func(code: "0107", name: "功能菜单管理", url: "/func/index");
        save new Func(code: "0108", name: "网页安全管理", url: "/requestmap/index");
        save new Func(code: "0111", name: "执行SQL", url: "/super/execSQL");
        save new Func(code: "0200", name: "网络管理", url: "/admin/index");

        // 清理缓存，使赋权生效
        springSecurityService.clearCachedRequestmaps()

    }
    def destroy = {
    }
}
